Open techietav opened 4 months ago
For OpenShift deployments, Cloud Pak Deployer follows the standard steps for IPI installations in the OpenShift documentation.
If the customer has specific guidelines on how security groups must be created, they can create the AWS resources and deploy OpenShift using their own standards. Once created, Cloud Pak Deployer can be used to deploy the Cloud Pak software.
When deploying CP4D onto AWS and creating the OpenShift cluster, a Security Group is created with 'rules open to the world'. This violates the AWS client security enforcement policy and is immediately removed, as well as triggering an email to the account owner informing them of the incident.
Security Groups MUST be created with least privileged principles so only the required ports and hosts are specified.
This requires an immediate fix.